ports/145885: [security] www/e107 XSS and code execution
niels
niels at FreeBSD.org
Tue Apr 20 14:30:06 UTC 2010
>Number: 145885
>Category: ports
>Synopsis: [security] www/e107 XSS and code execution
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Apr 20 14:30:05 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: niels
>Release: 8.0-STABLE
>Organization:
>Environment:
>Description:
Two serious issues affect this port (which is at version 0.7.15). You can find the descriptions in the following advisories:
http://seclists.org/bugtraq/2010/Apr/156
http://seclists.org/bugtraq/2010/Apr/160
>How-To-Repeat:
N/A
>Fix:
Upgrade port to version 0.7.20 with the following patch:
http://people.freebsd.org/~niels/ports/diffs/e107-0.7.20.diff
Tinderbox test log:
http://freebsd.heinen.ws/tb/logs/8.0-STABLE/e107-0.7.20.log
NOTE: No functional tests have been performed!
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list